http.c: Reload TLS even if http.conf hasn't changed
author Sean Bright <sean.bright@gmail.com>
Wed, 3 Oct 2018 12:56:34 +0000 (08:56 -0400)
committer Sean Bright <sean.bright@gmail.com>
Wed, 3 Oct 2018 13:35:12 +0000 (08:35 -0500)
There is currently no way to indicate to Asterisk that TLS certificates
and/or keys have been updated other than by modifying http.conf or
restarting Asterisk.

There is already code in main/tcptls.c that determines if a reload is
actually necessary based on the hashes of the certificate and dependent
files, so this change merely gives us a way to request a reload without
explicitly modifying http.conf.

Change-Id: Ie795420dcc7eb3d91336820688a29adbcc321276

main/http.c

index 5d0b89e..dcf90ae 100644 (file)
@@ -2066,7 +2066,15 @@ static int __ast_http_load(int reload)
        int http_tls_was_enabled = 0;
 
        cfg = ast_config_load2("http.conf", "http", config_flags);
-       if (!cfg || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
+       if (!cfg || cfg == CONFIG_STATUS_FILEINVALID) {
+               return 0;
+       }
+
+       /* Even if the http.conf hasn't been updated, the TLS certs/keys may have been */
+       if (cfg == CONFIG_STATUS_FILEUNCHANGED) {
+               if (http_tls_cfg.enabled && ast_ssl_setup(https_desc.tls_cfg)) {
+                       ast_tcptls_server_start(&https_desc);
+               }
                return 0;
        }
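
Review bot: In the new CONFIG_STATUS_FILEUNCHANGED branch, a zero return from ast_ssl_setup() is silent at this call site: the condition is simply false, the function returns 0 exactly as it does on success, and nothing here tells the operator whether rotated certs/keys were picked up or rejected. Unless ast_ssl_setup() already logs its own failures, consider emitting a warning when http_tls_cfg.enabled is set and the setup call fails, so a bad key or certificate after rotation is visible instead of the listener quietly keeping its previous state. A smaller style point on the same line: the check reads http_tls_cfg.enabled but passes https_desc.tls_cfg; using a single reference for both would make it clear they refer to the same configuration object. The behaviour change (a reload now re-checks TLS material even when http.conf is unchanged) would also be worth a line in the user-facing documentation.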